The problem can be corrected by upgrading the affected package to version 0.94.0-5ubuntu1.3 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.2 (for Ubuntu 5.10). After doing a standard system upgrade you need to restart dia to effect the necessary changes.

Details follow:

Several format string vulnerabilities have been discovered in dia. By tricking a user into opening a specially crafted dia file, or a file with a specially crafted name, this could be exploited to execute arbitrary code with the user's privileges.